Guide to conducting practical assessments to identify vulnerabilities

Blog

Mitigating your security risk begins from the outside. Conducting practical assessments allows your organization to identify vulnerabilities to your infrastructure, resources, and staff – and buy-in for effective preparedness starts at the top.

Strong support and participation from organizational leaders promote a safe, secure, and productive work environment. Never merely “check the box” to meet a requirement. The risk vs. reward of potential litigation can be motivating enough to invest in improvement, and a proper assessment can act as an insurance policy against loss, financial or otherwise.

Conducting an assessment requires honesty and objectivity. If you find something wrong, it’s easy to say, “oh, that rarely happens” or “we can just ignore it this time” – don’t do it. Things that stick out during an assessment may happen all the time; you just don’t notice them. While we’re all hesitant to put our deficiencies on display, an assessment isn’t a pass/fail event; it’s simply a snapshot of where you are at that moment. A third-party assessment team can provide an objective view- point some find unable to give themselves. Going it alone can be a lot like grading your own test.

Assessments should consist of physical inspections of your facility’s perimeter, exterior, interior, safety/security systems, and networks, as well as a review of access control, visitor management, and emergency response protocols. Competent assessors don’t just look at the physical aspects. They conduct interviews with random staff members. Doing so gains valuable insight into day-to-day activities and can identify general safety and security concerns that may otherwise never come to light.

However, it’s not all about security. Just as a propped open door negatively affects access control, malfunctioning or expired life safety equipment (e.g., fire extinguishers, AEDs, eye- wash stations, etc.) is also a vulnerability that you should address.

Time is a factor, and assessments take time. A comprehensive walkthrough can take upwards of 8-hours or more, depending upon the facility – and that doesn’t even take into ac- count the initial analysis and reconnaissance, report development, and corrective action planning. However, it’s worth the opportunity to see your facility as you never have before. We’ve witnessed department heads, building supervisors, school principals, and even maintenance staff – folks who spend more time than most in their facilities – display amazement at what they’ve never noticed in their daily routines. While some may see that as complacency – we don’t – we see it as a common occurrence in places we are most familiar. If you don’t know what you’re looking for, you’re not going to find it.

Assessments cover the entire perimeter, facility exteriors, parking lots, vehicle and pedestrian entrances, hallways, offices, common areas, conference rooms, maintenance areas, roofs, and basements. Assessors need to test lighting, test door hardware and windows, test alarms and P/A systems, test everything they can! Options for improvement are higher if you are willing to be thorough. And it all starts with your methodology.

The methodology that guides the assessment determines the outcome. The North Group’s assessment methodology considers guidance and recommendations from the U.S. Department of Homeland Security (DHS), Federal Emergency Management Agency (FEMA), Federal Bureau of Investigation (FBI), U.S. Department of Education, American Society of Civil Engineers (ASCE), Occupational Safety and Health Administration (OSHA), and all levels of emergency response agencies, as well as lessons learned from our combined experience conducting assessments nationwide. Additionally, our meth- odology applies concepts of CARVER (Criticality, Accessibility, Recuperability, Vulnerability, Effect Recognizability) + Shock, Crime Prevention Through Environmental Design (CPTED), DHS Best Practices for Anti-Terrorism Security (BPATS), and industry specific requirements.

This bottom line is that conducting assessments can feel daunting but should never be overlooked. An objective analysis of your security capabilities will not only reveal things you never knew were (or weren’t) there, they provide the opportunity to improve in many ways. As leaders, we should continually strive to positively affect the overall facility environment and project a confident, proactive outlook to our employees.

Contact us to find out more about how The North Group can assist your organization in mitigating its vulnerabilities.

Download this article

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *